CN113259136B - Multi-client cooperative authentication method, device, equipment and medium for feature recognition - Google Patents

Publication number
CN113259136B
Authority
CN
China
Legal status
Active
Application number
CN202110765016.1A
Other languages
Chinese (zh)
Other versions
CN113259136A (en)
Inventor
周迪
徐爱华
贺正方
张帅
郭山清
张文宇
朱英妹
Current Assignee
Zhejiang Uniview Technologies Co Ltd
Original Assignee
Zhejiang Uniview Technologies Co Ltd
Application filed by Zhejiang Uniview Technologies Co Ltd
Priority to CN202110765016.1A
Publication of CN113259136A
Application granted
Publication of CN113259136B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231: Biological data, e.g. fingerprint, voice or retina
    • H04L9/3236: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/32: User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints


Abstract

The embodiment of the invention discloses a multi-client cooperative authentication method, device, equipment and medium for feature recognition. The method comprises the following steps: determining the current first-type identity information of a current end user; determining, according to the current first-type identity information, current account hash digest information corresponding to the account input by the current end user and current password hash digest information corresponding to the input password; querying pre-stored password hash digest information and pre-stored second-type identity information associated with the current account hash digest information; comparing the current password hash digest information with the queried pre-stored password hash digest information; and, when the password hash digest comparison passes, determining the current second-type identity information of the current end user through the cooperative end, and comparing and authenticating the current second-type identity information against the queried pre-stored second-type identity information. With the scheme of the application, login authentication can be performed without the user's original login information, through multi-client cooperation and the collection and authentication of multiple biometric features.

Description

Multi-client cooperative authentication method, device, equipment and medium for feature recognition
Technical Field
The embodiment of the invention relates to the technical field of computers, in particular to a multi-client cooperative authentication method, a multi-client cooperative authentication device, a multi-client cooperative authentication equipment and a multi-client cooperative authentication medium for feature recognition.
Background
In an account system, the user's original information is transmitted to the server, and once the server is invaded by a hacker, that original information is completely leaked. At present, a user's identity is authenticated by entering an account and a password or by face recognition, but in many cases, because of device configuration limitations, authentication is weakened to a single input factor, which affects the reliability of the identity authentication.
Disclosure of Invention
The embodiment of the invention provides a multi-client cooperative authentication method, a multi-client cooperative authentication device, a multi-client cooperative authentication equipment and a multi-client cooperative authentication medium for feature recognition, so as to realize identity authentication of multiple biological features in a multi-client cooperative mode.
In a first aspect, an embodiment of the present invention provides a multi-client cooperative authentication method for feature recognition, which is applied to a server, and the method includes:
when communication connection with a current end is triggered, determining current first-class identity information of a current end user;
determining, according to the current first-type identity information, current account hash digest information corresponding to the account input by the current end user and current password hash digest information corresponding to the input password;
querying, from locally pre-stored hash digest login registration information, pre-stored password hash digest information and pre-stored second-type identity information associated with the current account hash digest information;
comparing the current password hash digest information with the queried pre-stored password hash digest information;
when the password hash digest comparison passes, determining the current second-type identity information of the current end user through the cooperative end, and comparing and authenticating the current second-type identity information against the queried pre-stored second-type identity information;
the second type of identity information is scrambled facial feature information or total hash digest information, and the hash digest login registration information comprises login registered second type of identity information and an account hash digest and a password hash digest associated with the second type of identity information.
In a second aspect, an embodiment of the present invention further provides a multi-client cooperative authentication apparatus for feature recognition, configured on a server, where the apparatus includes:
the first-class identity information determining module is used for determining the current first-class identity information of the current-end user when the communication connection with the current end is triggered;
the password hash digest determining module is used for determining, according to the current first-type identity information, current account hash digest information corresponding to the account input by the current end user and current password hash digest information corresponding to the input password;
the second-type identity information determining module is used for querying, from the locally pre-stored hash digest login registration information, the pre-stored password hash digest information and the pre-stored second-type identity information associated with the current account hash digest information;
the password hash digest comparison module is used for comparing the current password hash digest information with the queried pre-stored password hash digest information;
the cooperative authentication module is used for determining the current second-type identity information of the current end user through the cooperative end when the password hash digest comparison passes, and comparing and authenticating the current second-type identity information against the queried pre-stored second-type identity information;
the second type of identity information is scrambled facial feature information or total hash digest information, and the hash digest login registration information comprises login registered second type of identity information and an account hash digest and a password hash digest associated with the second type of identity information.
In a third aspect, an embodiment of the present invention further provides an electronic device, including:
one or more processors;
storage means for storing one or more programs;
the one or more programs are executed by the one or more processors, so that the one or more processors implement the multi-client cooperative authentication method for feature recognition as any of the features provided in the embodiments of the present invention.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the multi-client cooperative authentication method for feature recognition as any of the methods provided in the embodiments of the present invention.
The embodiment of the invention provides a multi-client cooperative authentication scheme for feature recognition. When communication connection with a current end is triggered, the current first-type identity information of the current end user is determined; according to the current first-type identity information, current account hash digest information corresponding to the account input by the current end user and current password hash digest information corresponding to the input password are determined; pre-stored password hash digest information and pre-stored second-type identity information associated with the current account hash digest information are queried from locally pre-stored hash digest login registration information; the current password hash digest information is compared with the queried pre-stored password hash digest information; and, when the password hash digest comparison passes, the current second-type identity information of the current end user is determined through the cooperative end and is compared and authenticated against the queried pre-stored second-type identity information. With this scheme, client cooperation solves the problem that some clients do not support the collection of multiple biometric features during login authentication; the user's original login information does not need to be stored on the server or on the clients; and login authentication can be performed without the user's original login information through multi-client cooperative collection and authentication of multiple biometric features, which avoids the eavesdropping risk caused by frequent input of account names and passwords.
The above summary is merely an overview of the technical solutions of the present invention, given so that the technical means of the invention can be understood more clearly and implemented in accordance with the content of the description, and so that the above and other objects, features and advantages of the invention can be understood more clearly.
Drawings
Other features, objects and advantages of the invention will become more apparent upon reading of the following detailed description of non-limiting embodiments thereof, made with reference to the accompanying drawings. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 is a flowchart of a multi-client cooperative authentication method for feature recognition provided in an embodiment of the present invention;
FIG. 2 is a flowchart of another feature-recognition multi-client cooperative authentication method provided in an embodiment of the present invention;
FIG. 3 is a flowchart of a multi-client cooperative authentication method with feature recognition provided in an embodiment of the present invention;
FIG. 4 is a flowchart of a multi-client cooperative authentication method with feature recognition provided in an embodiment of the present invention;
FIG. 5 is a flowchart of a multi-client cooperative authentication method with feature recognition provided in an embodiment of the present invention;
FIG. 6 is a block diagram of a multi-client cooperative authentication apparatus for feature recognition according to an embodiment of the present invention;
FIG. 7 is a schematic structural diagram of an electronic device provided in an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only a part of the structure related to the present invention is shown in the drawings, not the whole structure.
Before discussing exemplary embodiments in more detail, it should be noted that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although a flowchart may describe the operations (or steps) as a sequential process, many of the operations can be performed in parallel, concurrently or simultaneously. In addition, the order of the operations may be re-arranged. The process may be terminated when its operations are completed, but may have additional steps not included in the figure. The processes may correspond to methods, functions, procedures, subroutines, and the like.
FIG. 1 is a flowchart of a multi-client cooperative authentication method for feature recognition according to an embodiment of the present invention. The technical scheme of this embodiment is applicable to identity authentication when a client is used to log in to a login system. The method can be executed by a multi-client cooperative authentication device for feature recognition; the device can be implemented in software and/or hardware and integrated on any electronic equipment with a network communication function, and the electronic device may be a server deployed in a network, such as an authentication server. As shown in FIG. 1, the multi-client cooperative authentication method for feature recognition in the embodiment of the present invention may include the following steps:
S110, when the communication connection between the server and the current end is triggered, the current first-type identity information of the current end user is determined.
The login system can comprise clients and a server, connected through the Internet. The current end can be the client that is currently in communication connection with the server for login authentication; the login system may also include other clients and is not limited to the current end. The current first-type identity information may be total hash digest information read from an identity storage or current scrambled facial feature information of the current end user.
When the current first-type identity information is the current scrambled facial feature information of the current end user, the facial features of the current end user can be obtained during login authentication by collecting the facial details of the current end user, and the corresponding scrambled facial features obtained by scrambling them are used as the current scrambled facial feature information of the current end user. The facial features may indicate facial feature details, for example, the facial features may include: facial contour, age, color value, gender, facial expression, and the like.
When the current first-type identity information is the total hash digest information read from the identity storage, the current end may read the pre-stored total hash digest information from the identity storage provided by the current end user. The pre-stored total hash digest information may be obtained by hashing, and then pre-storing, the account hash digest information, the password hash digest information and the server fingerprint information registered when the current end user performed login registration. The account hash digest information and the password hash digest information of login registration are obtained by hashing the account and the password input when the current end user performed login registration.
S120, according to the current first-type identity information, current account hash digest information corresponding to the account input by the current end user and current password hash digest information corresponding to the input password are determined.
When the current end user performs login registration, the server can determine the first-type identity information, and can also determine and bind the account hash model and the password hash model used when the current end user inputs an account name and a password for login registration. Therefore, when the current end user performs login authentication, the matching first-type identity information from login registration can be looked up according to the current first-type identity information presented at login authentication; the account hash model and the password hash model bound to that matching first-type identity information are then looked up, and the account and the password input by the current end user are hashed with the account hash model and the password hash model, respectively, to obtain the corresponding current account hash digest information and current password hash digest information.
In an alternative of this embodiment, determining the current account hash digest information corresponding to the account input by the current end user and the current password hash digest information corresponding to the input password according to the current first-type identity information of the current end user may include steps A1-A2:
Step A1, determining an account hash model and a password hash model associated with the current first-type identity information of the current end user from the locally pre-stored hash model login registration information, and issuing them to the current end.
Step A2, obtaining the current account hash digest information and the current password hash digest information that the current end produces by hashing the account and the password input by the current end user with the account hash model and the password hash model, respectively.
The hash model login registration information comprises the first-type identity information from when the current end user performed login registration, and the associated account hash model and password hash model.
In an alternative example, when the first-type identity information is scrambled facial feature information, the hash model login registration information includes the scrambled facial features at the time of login registration and the associated account hash model and password hash model. In this case, a feature similarity comparison may be performed between the current scrambled facial feature information and at least one piece of login-registered scrambled facial feature information included in the locally pre-stored hash digest login registration information, and the scrambled facial feature information whose feature similarity is greater than the preset similarity threshold is queried from the locally pre-stored hash digest login registration information as the scrambled facial feature information matching the current end user. The account hash model and the password hash model bound to the scrambled facial feature information matching the current end user are then found, giving the account hash model and the password hash model associated with the current first-type identity information.
In another optional example, when the first-type identity information is total hash digest information, the hash model login registration information includes the pre-stored total hash digest information at the time of login registration and the associated account hash model and password hash model. In this case, the pre-stored total hash digest information that the current end reads from an identity storage provided by the current end user is used as the current first-type identity information; the read total hash digest information is compared for similarity with the login-registered total hash digest information included in the locally pre-stored hash digest login registration information, and the total hash digest information whose similarity is greater than a preset similarity threshold is queried from the locally pre-stored hash digest login registration information as the total hash digest information matching the current end user. The account hash model and the password hash model bound to the total hash digest information matching the current end user are then found, giving the account hash model and the password hash model associated with the current first-type identity information.
The current end receives the account hash model and the password hash model issued by the server, obtains the account name and the password input by the current end user through an interface, and hashes the account information and the password information input by the current end user with the account hash model and the password hash model, respectively, to obtain the account hash digest information and the password hash digest information corresponding to the account name and the password input by the current end user. The current end then sends the resulting current account hash digest information and current password hash digest information to the server.
S130, pre-stored password hash digest information and pre-stored second-type identity information associated with the current account hash digest information are queried from the locally pre-stored hash digest login registration information.
When login registration is carried out in advance in the login system, in addition to pre-storing the first-type identity information of the current end user at login registration, the account name and the password input by the current user are also determined and hashed to obtain the corresponding account hash digest information and password hash digest information at login registration, which are pre-stored; the pre-stored account hash digest information and pre-stored password hash digest information can then be obtained and added to the hash digest login registration information. In addition, the second-type identity information at login registration is added to the hash digest login registration information, and the association relationship among the first-type identity information of the current end user at login registration and the account hash digest information and the password hash digest information at login registration is recorded.
Optionally, when the first-type identity information is total hash digest information, the second-type identity information is scrambled facial feature information; and when the first-type identity information is the scrambled facial feature information, the second-type identity information is the total hash digest information. The total hash digest information is obtained by hashing the account hash digest information, the password hash digest information and the server fingerprint information.
The identity storage can be an identity storage card that stores the identity information of a user; for example, it can be a USB security token (U-shield) or another storage medium for storing data. Each user keeps their own identity storage card, one card per person, so that using the identity storage prevents the identity information from being stolen. When the identity storage is inserted into the client, the client is triggered to establish a session connection with the server. At login registration, the identity storage card receives the total hash digest information obtained by hashing the login-registered account hash digest information, password hash digest information and server fingerprint information, and stores it as the pre-stored total hash digest information.
In an alternative of this embodiment, querying the pre-stored password hash digest information and the pre-stored second-type identity information associated with the current account hash digest information from the locally pre-stored hash digest login registration information may include the following steps:
and step B1, comparing the current account hash digest information corresponding to the current user input account with at least one account hash digest information during login registration included in the locally pre-stored hash digest login registration information by similarity.
And step B2, inquiring the pre-stored password hash abstract information and the pre-stored second-type identity information which are associated with the account hash abstract information with the similarity larger than the preset similarity threshold from the locally pre-stored hash abstract login registration information.
Because the hash abstract login registration information comprises the first-class identity information of the front-end user during login registration, the first-class identity information during login registration and the association relationship between the account hash abstract information and the password hash abstract information during login registration, the account hash abstract information during login registration in the hash abstract login registration information is traversed, and the similarity between the current account hash abstract information and the traversed account hash abstract information during login registration is calculated. And by comparing the similarity, inquiring the pre-stored password hash abstract information and the pre-stored second-type identity information which are associated with the account hash abstract information during login and registration and have the similarity larger than a preset similarity threshold. Optionally, the cosine distance or the euclidean distance is used for comparing the similarity, and the comparison success is represented when the similarity is higher than a preset similarity threshold.
The machine fingerprint of the server must be impossible to copy, so that it cannot be counterfeited. Optionally, the server fingerprint information may include a hash of a hard disk serial number and a user login date, and the like; the machine fingerprint may also be implemented based on a physical unclonable function (PUF). In the PUF-based machine fingerprint scheme, unpredictable and uncontrollable random physical factors in the device manufacturing process cause tiny differences in the microscopic physical structure, so that each device unit exhibits its own independent challenge-response relation between its input and output signals.
Because the physical characteristics of the device are complex, the input value cannot be inferred from the output value that the function generates, and the device cannot be copied. Optionally, the feedback value of the PUF can be used as the machine fingerprint of the server, and an excitation value is stored; when the machine fingerprint of the server needs to be obtained, the excitation value is input, so that a unique, non-replicable feedback value is obtained as the fingerprint. If an attacker replaces the original server with his own server and copies all data information stored in the original server, the feedback value obtained when the new server inputs the excitation value will be different, and thus the machine fingerprint will be different.
S140, comparing the current password hash digest information with the queried pre-stored password hash digest information.
The current password hash digest information is obtained by hashing based on the account input by the current-end user, and the queried pre-stored password hash digest information is obtained by hashing based on the account input when the current-end user performed login registration. When the input account is the same, if the current password hash digest information is consistent with the queried pre-stored password hash digest information, the hash digest comparison passes; otherwise, the hash digest comparison fails.
S150, when the password hash digest comparison passes, determining the current second-type identity information of the current-end user through the cooperative end, and comparing and authenticating the current second-type identity information against the queried pre-stored second-type identity information.
The second type of identity information is scrambled facial feature information or total hash digest information, and the hash digest login registration information comprises the second-type identity information from login registration and the account hash digest and password hash digest associated with the second-type identity information.
At login registration, the current-end user uses a client with complete multi-biometric collection, so the same client can obtain both the first-class identity information and the second-type identity information for login registration. During actual login authentication, however, the current end used by the current-end user may not have complete multi-biometric collection and may be able to collect only the first-class identity information but not the second-type identity information, so when the server authenticates the current-end user, the current second-type identity information of the current-end user has to be obtained with the help of the cooperative end. If the current second-type identity information is consistent with the queried pre-stored second-type identity information, the login authentication succeeds; otherwise, the login authentication fails. Neither the identity storage nor the server stores the user's original information, so another person who picks up the identity storage card cannot obtain the account name and password for authentication, and the account name and password do not need to be entered directly at each authentication.
According to the multi-client cooperative authentication scheme for feature recognition provided by the embodiment of the invention, the problem that part of clients do not support multiple biological feature acquisition during login authentication can be solved through client cooperation, original login information of a user does not need to be stored in a server and the clients, and login authentication can be carried out without the original login information of the user through multi-client cooperative multi-biological feature acquisition and authentication, so that the risk of eavesdropping caused by frequently inputting account names and passwords is avoided.
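An added sketch of the server-side order of checks in S130 to S150 (example code, not taken from the patent). It assumes that account digests and scrambled-face features are numeric vectors, that password digests and total hash digests are byte strings, and that the `Registration` layout, the function names, the thresholds and the sample records are all constructed for illustration.

```python
import hmac
import math
from dataclasses import dataclass
from typing import Callable, List, Optional, Sequence, Union

Vector = Sequence[float]
# Second-type identity: total hash digest (bytes) or scrambled-face features (vector).
SecondIdentity = Union[bytes, Vector]


@dataclass
class Registration:
    """One entry of the hash digest login registration information (assumed layout)."""
    account_digest: Vector
    password_digest: bytes
    second_identity: SecondIdentity


def cosine_similarity(a: Vector, b: Vector) -> float:
    if len(a) != len(b):
        raise ValueError("vectors must have the same length")
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


def find_registration(store: List[Registration], account_digest: Vector,
                      threshold: float) -> Optional[Registration]:
    """Steps B1-B2: traverse stored account digests, keep the best match above the threshold."""
    best, best_sim = None, threshold
    for rec in store:
        sim = cosine_similarity(account_digest, rec.account_digest)
        if sim > best_sim:
            best, best_sim = rec, sim
    return best


def second_identity_matches(current: SecondIdentity, stored: SecondIdentity,
                            threshold: float) -> bool:
    """Total hash digests must be identical; face features are compared by similarity."""
    if isinstance(stored, (bytes, bytearray)):
        return (isinstance(current, (bytes, bytearray))
                and hmac.compare_digest(bytes(current), bytes(stored)))
    if isinstance(current, (bytes, bytearray)):
        return False
    return cosine_similarity(current, stored) > threshold


def authenticate(store: List[Registration], account_digest: Vector, password_digest: bytes,
                 collect_second_identity: Callable[[], Optional[SecondIdentity]],
                 account_threshold: float = 0.95, face_threshold: float = 0.90) -> str:
    rec = find_registration(store, account_digest, account_threshold)      # S130
    if rec is None:
        return "unknown-account"
    if not hmac.compare_digest(password_digest, rec.password_digest):      # S140
        return "password-mismatch"
    # S150: the cooperative end is contacted only after the password digest check passed.
    current = collect_second_identity()
    if current is None or not second_identity_matches(current, rec.second_identity,
                                                      face_threshold):
        return "second-identity-mismatch"
    return "authenticated"


# Constructed registration records: one with face features, one with a total hash digest.
STORE = [
    Registration([0.9, 0.1, 0.3, 0.2], bytes.fromhex("11" * 32), [0.2, 0.8, 0.1, 0.5]),
    Registration([0.1, 0.9, 0.2, 0.7], bytes.fromhex("22" * 32), bytes.fromhex("ab" * 32)),
]
```

Because the callback is invoked only after the password digest comparison passes, a failed password attempt never triggers a capture or card read at the cooperative end.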
Fig. 2 is a flowchart of another feature-recognition multi-client cooperative authentication method provided in an embodiment of the present invention, and the technical solution of this embodiment is further optimized based on the above embodiment, and may be combined with various alternatives in one or more embodiments. As shown in fig. 2, the multi-client cooperative authentication method for feature recognition provided in this embodiment may include the following steps:
S210, when the communication connection with the current end is triggered, if the current end provides a card reader service, reading the total hash digest information from the identity storage of the current-end user through the current end, and taking the total hash digest information as the current first-class identity information.
The first type of identity information is total hash digest information.
In the scenario where the current end has no camera but can provide the card reading service, the server can send an identity information reading request to the current end, instructing the current end to read, from the pluggable identity storage of the current end, the pre-stored total hash digest information that was generated at login registration and provided to the current-end user. For example, the identity storage is inserted into the current end, the current end is triggered to establish a session connection with the server, the server notifies the current end to read the pre-stored total hash digest information in the identity storage, and the read pre-stored total hash digest information is sent to the server.
S220, determining, according to the current first-class identity information, the current account hash digest information corresponding to the account input by the current-end user and the current password hash digest information corresponding to the input password.
Optionally, the identity storage is an identity storage card, and the current-end user inserts the identity storage card into the current end to trigger the signaling session connection between the current end and the server. The user selects the acquisition source type of the identity information on the current end interface, that is, selects the identity storage card and the account password, and enters the IP address of the camera-equipped cooperative end that is to assist with shooting. The current end reads, from the pluggable identity storage of the current end, the pre-stored total hash digest information that was generated at login registration and provided to the current-end user. The current end can send the selected option information, the IP address of the cooperative end and the total hash digest pre-stored in the identity storage card to the server. After receiving the message, the server finds the corresponding account hash model and the corresponding password hash model according to the read total hash digest, and hashes the account and the password input by the current-end user to obtain the corresponding current account hash digest information and current password hash digest information.
S230, querying, from the locally pre-stored hash digest login registration information, the pre-stored password hash digest information and the pre-stored second-type identity information associated with the current account hash digest information.
S240, comparing the current password hash digest information with the queried pre-stored password hash digest information.
S250, when the password hash digest comparison passes, determining the current second-type identity information of the current-end user through the cooperative end, and comparing and authenticating the current second-type identity information against the queried pre-stored second-type identity information.
The second type of identity information is scrambled facial feature information, and the hash digest login registration information comprises the second-type identity information from login registration and the account hash digest and password hash digest associated with the second-type identity information.
In an alternative of this embodiment, determining the current second type identity information of the current end user through the cooperative end may include the following steps C1-C2:
Step C1, determining a face scrambling model corresponding to the current account hash digest information of the current-end user, and issuing the face scrambling model to a cooperative end providing a face shooting service.
Step C2, receiving the current scrambled face image that the cooperative end providing the face shooting service generates by scrambling the collected face image of the current-end user with the face scrambling model, and taking a feature vector extracted from the current scrambled face image as the current second-type identity information.
To ensure the security of the face image, a session connection with the server is established at login registration, the server issues a face scrambling model, and the face scrambling model is used to scramble the collected face image of the current-end user to obtain the scrambled face image used for login registration. Therefore, at login authentication, the server takes the face scrambling model used for login registration as the face scrambling model corresponding to the current account hash digest information of the current-end user and issues it to the cooperative end providing the face shooting service, and the cooperative end uses the face scrambling model to scramble the face image of the current-end user collected at login authentication to generate the current scrambled face image of the current-end user.
Optionally, a face scrambling model may be used to process the original face image so that the identity information represented by the scrambled image is not visible to the human eye, while the scrambled image loses none of the original image information. For example, the face scrambling model may include, but is not limited to, the following: an Arnold transform, XOR processing and the like. Optionally, the face scrambling model is not stored at the cooperative end but only runs in the memory of the cooperative end, and is cleared immediately after the communication connection between the cooperative end and the server is disconnected.
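An added sketch of a lossless face scrambling model that chains the two techniques named above, the Arnold (cat map) pixel permutation and XOR processing (example code, not taken from the patent). The SHA-256 counter-mode keystream, the function names and the 8 x 8 sample image are assumptions constructed for illustration.

```python
import hashlib


def _check_square(img):
    n = len(img)
    if n == 0 or any(len(row) != n for row in img):
        raise ValueError("the Arnold transform needs a square N x N image")
    return n


def arnold(img, rounds):
    """Permute pixels with the Arnold cat map (x, y) -> (x + y, x + 2y) mod N."""
    n = _check_square(img)
    for _ in range(rounds):
        out = [[0] * n for _ in range(n)]
        for x in range(n):
            for y in range(n):
                out[(x + y) % n][(x + 2 * y) % n] = img[x][y]
        img = out
    return [row[:] for row in img]


def arnold_inverse(img, rounds):
    """Undo arnold(): the inverse matrix maps (x, y) -> (2x - y, y - x) mod N."""
    n = _check_square(img)
    for _ in range(rounds):
        out = [[0] * n for _ in range(n)]
        for x in range(n):
            for y in range(n):
                out[(2 * x - y) % n][(y - x) % n] = img[x][y]
        img = out
    return [row[:] for row in img]


def keystream(key: bytes, length: int) -> bytes:
    """SHA-256 in counter mode (assumed; the page only says 'XOR processing')."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_pixels(img, key: bytes):
    """XOR every 8-bit pixel with the keystream; applying it twice restores the image."""
    n = _check_square(img)
    ks = keystream(key, n * n)
    return [[img[x][y] ^ ks[x * n + y] for y in range(n)] for x in range(n)]


def scramble(img, key: bytes, rounds: int):
    return xor_pixels(arnold(img, rounds), key)


def unscramble(img, key: bytes, rounds: int):
    return arnold_inverse(xor_pixels(img, key), rounds)


def arnold_period(n: int) -> int:
    """Rounds after which the Arnold map on an n x n grid returns to the identity."""
    start = [[x * n + y for y in range(n)] for x in range(n)]
    img, rounds = arnold(start, 1), 1
    while img != start:
        img, rounds = arnold(img, 1), rounds + 1
    return rounds


# Constructed 8 x 8 grayscale sample (values 0..255), not real face data.
SAMPLE = [[(17 * x + 31 * y) % 256 for y in range(8)] for x in range(8)]
```

The Arnold permutation is periodic (`arnold_period(8)` is 6), so in this sketch the round count alone hides little and the confidentiality of the scrambled image rests on the XOR key.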
The cooperative end providing the face shooting service transmits the current scrambled face image generated by the face scrambling model to the server. The server extracts the feature vector of the current scrambled face image of the current-end user to obtain the current scrambled facial feature information, which is used as the current second-type identity information. For example, the server extracts the feature vector from the current scrambled face image through the scrambled-face neural network model to obtain the current scrambled facial feature information of the current-end user.
In this way, the server uses the cosine distance or the Euclidean distance to compare the similarity between the current scrambled facial feature information of the current-end user and the second-type identity information pre-stored at registration, which the server queried from its local storage by association with the current account hash digest information; if the similarity exceeds a certain threshold, the comparison passes. At this point, all of the multi-biometric information has passed verification, and subsequent service interaction is carried out.
According to the multi-client cooperative authentication scheme for feature recognition provided by the embodiment of the invention, the problem that part of clients do not support multiple biological feature acquisition during login authentication can be solved through client cooperation, original login information of a user does not need to be stored in a server and the clients, and login authentication can be carried out without the original login information of the user through multi-client cooperative multi-biological feature acquisition and authentication, so that the risk of eavesdropping caused by frequently inputting account names and passwords is avoided.
Fig. 3 is a flowchart of still another feature recognition multi-client cooperative authentication method provided in an embodiment of the present invention, and the technical solution of this embodiment is further optimized based on the above embodiment, and may be combined with various alternatives in one or more of the above embodiments. As shown in fig. 3, the multi-client cooperative authentication method for feature recognition provided in this embodiment may include the following steps:
S310, when the communication connection with the current end is triggered, if the current end does not provide the card reader service, reading the total hash digest information from the identity storage of the current-end user through the cooperative end providing the card reader service, and taking the total hash digest information as the current first-class identity information.
The first type of identity information is total hash digest information.
In the scenario where the current end has no camera and cannot provide the card reading service, the server can send an identity information reading request to the cooperative end providing the card reader service, instructing that cooperative end to read, from the pluggable identity storage of the current-end user, the pre-stored total hash digest information that was generated at login registration and provided to the current-end user. For example, the identity storage is inserted into the cooperative end providing the card reader service, that cooperative end is triggered to establish a session connection with the server, and the server notifies it to read the pre-stored total hash digest information in the identity storage and send the read pre-stored total hash digest information to the server.
In an alternative of this embodiment, the reading of the total hash digest information from the identity storage of the current end user by the cooperating end providing the card reader service may include steps D1-D2:
Step D1, sending an invitation message using the multicast group address designated in the management domain, and selecting the cooperative end providing the card reader service from the cooperative ends.
Step D2, sending a card reading request to the cooperative end providing the card reader service, so that the cooperative end prompts the current-end user to insert the identity storage at the cooperative end and reads the total hash digest information from the identity storage.
The current-end user triggers, at the current end, the connection of the current end to the server. After the current end establishes a communication connection with the server, an invitation message is sent using the multicast group address designated in the management domain, for example 226.1.1.1, and the message carries the IP address of the server. The server can select a cooperative end that provides the card reader service, such as a card reader, from at least two cooperative ends, and the cooperative end providing the card reader service initiates session connection establishment to the server after receiving the message. The server sends a message to the cooperative end providing the card reader service, and the indicator lamp of that cooperative end flashes to prompt the current-end user to insert the identity storage.
The cooperative end providing the card reader service reads, from the storage card, the pre-stored total hash digest information provided to the current-end user and sends it to the server. Based on the received total hash digest information, the server finds the corresponding locally stored account hash model and password hash model and sends the two models to the current end, so that the current end obtains the account name and the password that the user enters on the interface, generates the current account hash digest information and the current password hash digest information using the hash models, and sends them to the server.
S320, determining, according to the current first-class identity information, the current account hash digest information corresponding to the account input by the current-end user and the current password hash digest information corresponding to the input password.
S330, querying, from the locally pre-stored hash digest login registration information, the pre-stored password hash digest information and the pre-stored second-type identity information associated with the current account hash digest information.
S340, comparing the current password hash digest information with the queried pre-stored password hash digest information.
S350, when the password hash digest comparison passes, determining the current second-type identity information of the current-end user through the cooperative end, and comparing and authenticating the current second-type identity information against the queried pre-stored second-type identity information.
The second type of identity information is scrambled facial feature information, and the hash digest login registration information comprises the second-type identity information from login registration and the account hash digest and password hash digest associated with the second-type identity information.
In an alternative of this embodiment, determining the current second-type identity information of the current-end user through the cooperative end may include the following steps: determining a face scrambling model corresponding to the current account hash digest information of the current-end user, and issuing the face scrambling model to a cooperative end providing a face shooting service; and receiving the current scrambled face image that the cooperative end providing the face shooting service generates by scrambling the collected face image of the current-end user with the face scrambling model, and taking a feature vector extracted from the current scrambled face image as the current second-type identity information.
According to the multi-client cooperative authentication scheme for feature recognition provided by the embodiment of the invention, the problem that part of clients do not support multiple biological feature acquisition during login authentication can be solved through client cooperation, original login information of a user does not need to be stored in a server and the clients, and login authentication can be carried out without the original login information of the user through multi-client cooperative multi-biological feature acquisition and authentication, so that the risk of eavesdropping caused by frequently inputting account names and passwords is avoided.
Fig. 4 is a flowchart of still another feature recognition multi-client cooperative authentication method provided in an embodiment of the present invention, and the technical solution of this embodiment is further optimized based on the above embodiment, and may be combined with various alternatives in one or more embodiments. As shown in fig. 4, the multi-client cooperative authentication method for feature recognition provided in this embodiment may include the following steps:
S410, when the communication connection with the current end is triggered, if the current end provides the face shooting service, issuing a face scrambling model to the current end so that the current end collects the face image of the current-end user and scrambles the face image.
S420, receiving the current scrambled face image generated by the current end scrambling the face image of the current-end user.
S430, extracting feature vectors of the current scrambled face image to obtain current scrambled face feature information, and using the current scrambled face feature information as current first-class identity information; the first type of identity information is scrambled face feature information.
S440, determining, according to the current first-class identity information, the current account hash digest information corresponding to the account input by the current-end user and the current password hash digest information corresponding to the input password.
S450, querying, from the locally pre-stored hash digest login registration information, the pre-stored password hash digest information and the pre-stored second-type identity information associated with the current account hash digest information.
S460, comparing the current password hash digest information with the queried pre-stored password hash digest information.
S470, when the password hash digest comparison passes, determining the current second-type identity information of the current-end user through the cooperative end, and comparing and authenticating the current second-type identity information against the queried pre-stored second-type identity information.
The second type of identity information is total hash digest information, and the hash digest login registration information comprises login registered second type of identity information and an account hash digest and a password hash digest associated with the second type of identity information.
In an alternative of this embodiment, determining the current second type identity information of the current end user through the cooperative end may include steps E1-E2:
Step E1, sending an invitation message using the multicast group address designated in the management domain, and selecting the cooperative end providing the card reader service from the cooperative ends.
Step E2, sending a card reading request to the cooperative end providing the card reader service, so that the cooperative end prompts the current-end user to insert the identity storage at the cooperative end and reads the total hash digest information from the identity storage, the total hash digest information being used as the current second-type identity information.
The current-end user triggers, at the current end, the connection of the current end to the server. After the current end establishes a communication connection with the server, an invitation message is sent using the multicast group address designated in the management domain, for example 226.1.1.1, and the message carries the IP address of the server. The server can select a cooperative end that provides the card reader service, such as a card reader, from at least two cooperative ends, and the cooperative end providing the card reader service initiates session connection establishment to the server after receiving the message. The server sends a message to the cooperative end providing the card reader service, and the indicator lamp of that cooperative end flashes to prompt the current-end user to insert the identity storage. After its indicator lamp flashes, the cooperative end providing the card reader service reads, from the identity storage, the total hash digest information pre-stored when the current-end user performed login registration, as the current second-type identity information.
According to the multi-client cooperative authentication scheme for feature recognition provided by the embodiment of the invention, the problem that part of clients do not support multiple biological feature acquisition during login authentication can be solved through client cooperation, original login information of a user does not need to be stored in a server and the clients, and login authentication can be carried out without the original login information of the user through multi-client cooperative multi-biological feature acquisition and authentication, so that the risk of eavesdropping caused by frequently inputting account names and passwords is avoided.
Fig. 5 is a flowchart of still another feature recognition multi-client cooperative authentication method provided in an embodiment of the present invention, and the technical solution of this embodiment is further optimized based on the above embodiment, and may be combined with various alternatives in one or more embodiments. As shown in fig. 5, the multi-client cooperative authentication method for feature recognition provided in this embodiment may include the following steps:
S510, when the communication connection with the current end is triggered, if the current end does not provide the face shooting service, issuing a face scrambling model to a cooperative end providing the face shooting service, and controlling the cooperative end to assist in collecting and scrambling the face image of the current-end user.
In an alternative of this embodiment, issuing a face scrambling model to a collaboration end providing a face shooting service, and controlling the collaboration end to assist in acquiring a face image of a current end user and scrambling may include steps F1-F2:
Step F1, sending an invitation message using the multicast group address designated in the management domain, selecting the cooperative end providing the face shooting service from the cooperative ends, and sending the face scrambling model to the selected cooperative end.
Step F2, sending a shooting request to the collaboration end providing the face shooting service, so that the collaboration end prompts the current end user to shoot the face image, and scrambling the shot face image.
The current-end user triggers, at the current end, the connection of the current end to the server. After the current end establishes a communication connection with the server, an invitation message is sent using the multicast group address designated in the management domain, for example 226.1.1.1, and the message carries the IP address of the server. The server can select a cooperative end that provides the face shooting service, such as a camera, from at least two cooperative ends, and after receiving the message, the cooperative end providing the face shooting service initiates session establishment to the server. The server sends a message to the cooperative end providing the face shooting service, and the indicator lamp of that cooperative end flashes to prompt the current-end user to have a face image shot.
S520, receiving the current scrambled face image generated by the cooperative end providing the face shooting service scrambling the face image of the current-end user.
S530, extracting feature vectors of the current scrambled face image to obtain current scrambled face feature information, and using the current scrambled face feature information as current first-class identity information; the first type of identity information is scrambled face feature information.
S540, determining, according to the current first-class identity information, the current account hash digest information corresponding to the account input by the current-end user and the current password hash digest information corresponding to the input password.
S550, querying, from the locally pre-stored hash digest login registration information, the pre-stored password hash digest information and the pre-stored second-type identity information associated with the current account hash digest information.
S560, comparing the current password hash digest information with the queried pre-stored password hash digest information.
S570, when the password hash digest comparison passes, determining the current second-type identity information of the current-end user through the cooperative end, and comparing and authenticating the current second-type identity information against the queried pre-stored second-type identity information.
The second type of identity information is total hash digest information, and the hash digest login registration information comprises login registered second type of identity information and an account hash digest and a password hash digest associated with the second type of identity information.
In an alternative of this embodiment, determining the current second-type identity information of the current-end user through the cooperative end may include the following steps: sending an invitation message using the multicast group address designated in the management domain, and selecting a cooperative end providing the card reader service from at least two cooperative ends; and sending a card reading request to the cooperative end providing the card reader service, so that the cooperative end prompts the current-end user to insert the identity storage at the cooperative end and reads the total hash digest information from the identity storage as the current second-type identity information.
According to the multi-client cooperative authentication scheme for feature recognition provided by the embodiment of the invention, the problem that part of clients do not support multiple biological feature acquisition during login authentication can be solved through client cooperation, original login information of a user does not need to be stored in a server and the clients, and login authentication can be carried out without the original login information of the user through multi-client cooperative multi-biological feature acquisition and authentication, so that the risk of eavesdropping caused by frequently inputting account names and passwords is avoided.
Fig. 6 is a block diagram of a multi-client cooperative authentication apparatus for feature recognition according to an embodiment of the present invention. The technical solution of this embodiment is applicable to identity authentication when a client is used to log in to a login system. The apparatus can be implemented in software and/or hardware and is integrated on any electronic device with a network communication function; the electronic device may be a server deployed in a network, such as an authentication server. As shown in fig. 6, the multi-client cooperative authentication apparatus for feature recognition in the present embodiment may include the following:
a first type identity information determining module 610, configured to determine current first type identity information of a current-end user when a communication connection with the current end is triggered;
a password hash digest determining module 620, configured to determine, according to the current first-class identity information, current account hash digest information corresponding to an input account of the current end user and current password hash digest information corresponding to the input password;
a second type identity information determining module 630, configured to query, from locally pre-stored hash digest login registration information, pre-stored password hash digest information and pre-stored second type identity information associated with the current account hash digest information;
a password hash digest comparison module 640, configured to perform password hash digest comparison between the current password hash digest information and the queried pre-stored password hash digest information;
a cooperative authentication module 650, configured to determine, through the cooperative end, the current second-type identity information of the current end user when the password hash digest comparison is passed, and to compare and authenticate the current second-type identity information against the queried pre-stored second-type identity information;
wherein the second-type identity information is scrambled facial feature information or total hash digest information, and the hash digest login registration information comprises the second-type identity information registered for login and the account hash digest and password hash digest associated with that second-type identity information.
On the basis of the foregoing embodiment, optionally, when the first-type identity information is total hash digest information, the second-type identity information is scrambled facial feature information; or when the first-type identity information is scrambled facial feature information, the second-type identity information is total hash digest information. The total hash digest information is obtained by hashing the account hash digest information, the password hash digest information and the server fingerprint information.
On the basis of the foregoing embodiment, optionally, determining, according to the current first-type identity information, current account hash digest information corresponding to an input account of a current end user and current password hash digest information corresponding to an input password includes:
determining an account hash model and a password hash model associated with the current first-class identity information from locally pre-stored hash model login registration information, and issuing the account hash model and the password hash model to a current end;
acquiring the current account hash digest information and the current password hash digest information, which are obtained at the current end by hashing the account and the password input by the current end user with the account hash model and the password hash model, respectively;
wherein the hash model login registration information comprises the first-type identity information recorded when the current end user registered for login, together with the associated account hash model and password hash model.
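The server-side flow described above (the first-type identity selects the hash models, the current end returns account and password digests, and the cooperative end is asked for the second-type identity only after the password digest matches), as an added Python sketch that is not the patent's own code. It models each hash model as a per-user HMAC-SHA256 key and the scrambled facial features as a plain vector compared by cosine similarity; those choices, the threshold, the fingerprint value and all function names are assumptions.

```python
import hashlib
import hmac
import math
import secrets

# Assumptions (not from the patent): a "hash model" is a per-user HMAC-SHA256 key,
# the second-type identity is a plain feature vector, matching is cosine similarity.
SERVER_FINGERPRINT = b"constructed-server-fingerprint"
FACE_MATCH_THRESHOLD = 0.95


def apply_hash_model(model_key, value):
    """Current end: hash an account or password with the issued hash model."""
    return hmac.new(model_key, value.encode("utf-8"), hashlib.sha256).digest()


def total_hash(account_digest, password_digest, fingerprint=SERVER_FINGERPRINT):
    """Total hash digest over account digest, password digest and server fingerprint."""
    h = hashlib.sha256()
    for part in (account_digest, password_digest, fingerprint):
        h.update(len(part).to_bytes(2, "big") + part)  # length prefix keeps fields unambiguous
    return h.digest()


def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


class AuthServer:
    def __init__(self):
        # hash model login registration: first-type identity -> (account model, password model)
        self.hash_models = {}
        # hash digest login registration: account digest -> (password digest, second-type identity)
        self.registrations = {}

    def register(self, account, password, scrambled_face_features):
        account_model, password_model = secrets.token_bytes(32), secrets.token_bytes(32)
        account_digest = apply_hash_model(account_model, account)
        password_digest = apply_hash_model(password_model, password)
        card_digest = total_hash(account_digest, password_digest)
        self.hash_models[card_digest] = (account_model, password_model)
        self.registrations[account_digest] = (password_digest, list(scrambled_face_features))
        return card_digest  # written to the user's identity storage; no plaintext is kept

    def issue_hash_models(self, first_type_identity):
        return self.hash_models.get(first_type_identity)

    def authenticate(self, account_digest, password_digest, collect_second_type):
        record = self.registrations.get(account_digest)
        if record is None:
            return "unknown-account"
        stored_password_digest, stored_features = record
        # constant-time comparison of the received and pre-stored password digests
        if not hmac.compare_digest(stored_password_digest, password_digest):
            return "password-mismatch"
        # the cooperative end is contacted only after the password digest matched
        current = collect_second_type()
        if len(current) != len(stored_features):
            return "second-factor-mismatch"
        if cosine(current, stored_features) < FACE_MATCH_THRESHOLD:
            return "second-factor-mismatch"
        return "authenticated"


def login(server, card_digest, account, password, cooperative_end):
    """Current end: fetch hash models by first-type identity, then send digests only."""
    models = server.issue_hash_models(card_digest)
    if models is None:
        return "unknown-first-type-identity"
    account_model, password_model = models
    return server.authenticate(
        apply_hash_model(account_model, account),
        apply_hash_model(password_model, password),
        cooperative_end,
    )


if __name__ == "__main__":
    server = AuthServer()
    # constructed enrolment data
    card = server.register("alice", "correct horse", [0.12, 0.80, 0.35, 0.44])
    print(login(server, card, "alice", "correct horse", lambda: [0.13, 0.79, 0.36, 0.44]))
    print(login(server, card, "alice", "wrong", lambda: [0.13, 0.79, 0.36, 0.44]))
```

In this sketch the server stores and receives only digests, so the stored password digest is exactly what a client must present and should be protected like a credential.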
On the basis of the foregoing embodiment, optionally, when the first type identity information is total hash digest information, determining current first type identity information of a current end user includes:
when the current end provides a card reader service, reading the total hash digest information from the identity storage of the current end user through the current end, and taking the total hash digest information as the current first-type identity information; or
when the current end does not provide the card reader service, reading the total hash digest information from the identity storage of the current end user through a cooperative end providing the card reader service, and taking the total hash digest information as the current first-type identity information.
On the basis of the foregoing embodiment, optionally, reading, by a cooperating end providing a card reader service, total hash digest information from an identity storage of a current end user, includes:
sending an invitation message by a multicast group address appointed in a management domain, and selecting a cooperative end for providing card reader service from cooperative ends;
and sending a card reading request to the cooperative end providing the card reader service, so that the cooperative end prompts the current end user to insert the identity storage at the cooperative end and reads the total hash digest information from the identity storage.
On the basis of the foregoing embodiment, optionally, determining, through the cooperative end, the current second-type identity information of the current end user includes:
determining a face scrambling model corresponding to the current account hash digest information of the current end user, and issuing the face scrambling model to a cooperative end providing a face shooting service;
and receiving the current scrambled face image generated by the cooperative end providing the face shooting service by scrambling the acquired face image of the current end user with the face scrambling model, and taking a feature vector extracted from the current scrambled face image as the current second-type identity information.
On the basis of the foregoing embodiment, optionally, when the first type of identity information is scrambled facial feature information, determining current first type of identity information of a current end user includes:
when the current end provides the face shooting service, a face scrambling model is issued to the current end so that the current end collects a face image of a user at the current end and scrambles the face image;
receiving a current scrambled face image generated by scrambling a face image of a current end user by a current end;
and extracting a feature vector of the current scrambled face image to obtain current scrambled face feature information, and using the current scrambled face feature information as current first-class identity information.
On the basis of the foregoing embodiment, optionally, when the first type of identity information is scrambled facial feature information, determining current first type of identity information of a current end user includes:
when the current end does not provide the face shooting service, a face scrambling model is issued to a cooperative end providing the face shooting service, and the cooperative end is controlled to assist in acquiring and scrambling a face image of a user at the current end;
receiving a current scrambled face image generated by the cooperative end providing the face shooting service by scrambling a face image of the current end user;
and extracting a feature vector of the current scrambled face image to obtain current scrambled face feature information, and using the current scrambled face feature information as current first-class identity information.
On the basis of the foregoing embodiment, optionally, issuing a face scrambling model to a collaboration end providing a face shooting service, and controlling the collaboration end to assist in acquiring a face image of a current end user and scrambling, includes:
sending an invitation message by a multicast group address appointed in a management domain, selecting a cooperative end for providing face shooting service from cooperative ends, and issuing a face scrambling model to the selected cooperative end;
and sending a shooting request to a collaboration end providing the face shooting service so that the collaboration end prompts a current end user to shoot a face image and scrambles the shot face image.
On the basis of the foregoing embodiment, optionally, determining, by the cooperative node, the current second type identity information of the current end user includes:
sending an invitation message by a multicast group address appointed in a management domain, and selecting a cooperative end for providing card reader service from cooperative ends;
and sending a card reading request to the cooperative end providing the card reader service, so that the cooperative end prompts the current end user to insert the identity storage at the cooperative end and reads the total hash digest information from the identity storage as the current second-type identity information.
The multi-client cooperative authentication device for feature recognition provided in the embodiment of the present invention can execute the multi-client cooperative authentication method for feature recognition provided in any embodiment of the present invention, and has the corresponding functions and beneficial effects of the multi-client cooperative authentication method for feature recognition, and the detailed process refers to the related operations of the multi-client cooperative authentication method for feature recognition in the foregoing embodiment.
Fig. 7 is a schematic structural diagram of an electronic device provided in an embodiment of the present invention. As shown in fig. 7, the electronic device provided in the embodiment of the present invention includes one or more processors 710 and a storage 720. The electronic device may have one or more processors 710; one processor 710 is taken as an example in fig. 7. The storage 720 is configured to store one or more programs, and the one or more programs are executed by the one or more processors 710, so that the one or more processors 710 implement the multi-client cooperative authentication method for feature recognition according to any one of the embodiments of the present invention.
The electronic device may further include: an input device 730 and an output device 740.
The processor 710, the storage device 720, the input device 730, and the output device 740 in the electronic apparatus may be connected by a bus or other means, and fig. 7 illustrates an example of connection by a bus.
The storage 720 in the electronic device is used as a computer-readable storage medium for storing one or more programs, which may be software programs, computer-executable programs, and modules, such as program instructions/modules corresponding to the multi-client cooperative authentication method for feature recognition provided in the embodiments of the present invention. The processor 710 executes various functional applications and data processing of the electronic device by executing software programs, instructions and modules stored in the storage 720, namely, implementing the multi-client cooperative authentication method for feature recognition in the above method embodiments.
The storage 720 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to use of the electronic device, and the like. Additionally, the storage 720 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some examples, the storage 720 may further include memory located remotely from the processor 710, which may be connected to the device over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 730 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the electronic apparatus. The output device 740 may include a display device such as a display screen.
And, when the one or more programs included in the electronic device are executed by the one or more processors 710, the programs perform the following operations:
when communication connection with a current end is triggered, determining current first-class identity information of a current end user;
determining current account hash digest information corresponding to the current user input account and current password hash digest information corresponding to the input password according to the current first type identity information;
querying, from locally pre-stored hash digest login registration information, the pre-stored password hash digest information and pre-stored second-type identity information associated with the current account hash digest information;
comparing the current password hash digest information with the queried pre-stored password hash digest information;
when the password hash digest comparison is passed, determining the current second-type identity information of the current end user through the cooperative end, and comparing and authenticating the current second-type identity information against the queried pre-stored second-type identity information;
the second type of identity information is scrambled facial feature information or total hash digest information, and the hash digest login registration information comprises login registered second type of identity information and an account hash digest and a password hash digest associated with the second type of identity information.
Of course, it will be understood by those skilled in the art that when one or more programs included in the electronic device are executed by the one or more processors 710, the programs may also perform operations related to the multi-client cooperative authentication method for feature recognition provided in any embodiment of the present invention.
An embodiment of the present invention provides a computer-readable medium, on which a computer program is stored, the computer program being executed by a processor to perform a multi-client cooperative authentication method for feature recognition, the method including:
when communication connection with a current end is triggered, determining current first-class identity information of a current end user;
determining current account hash digest information corresponding to the current user input account and current password hash digest information corresponding to the input password according to the current first type identity information;
querying, from locally pre-stored hash digest login registration information, the pre-stored password hash digest information and pre-stored second-type identity information associated with the current account hash digest information;
comparing the current password hash digest information with the queried pre-stored password hash digest information;
when the password hash digest comparison is passed, determining the current second-type identity information of the current end user through the cooperative end, and comparing and authenticating the current second-type identity information against the queried pre-stored second-type identity information;
the second type of identity information is scrambled facial feature information or total hash digest information, and the hash digest login registration information comprises login registered second type of identity information and an account hash digest and a password hash digest associated with the second type of identity information.
Optionally, the program, when executed by the processor, may be further configured to perform a multi-client cooperative authentication method for feature recognition provided in any embodiment of the present invention.
Computer storage media for embodiments of the invention may employ any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a Read Only Memory (ROM), an Erasable Programmable Read Only Memory (EPROM), a flash Memory, an optical fiber, a portable CD-ROM, an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. A computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take a variety of forms, including, but not limited to: an electromagnetic signal, an optical signal, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, Radio Frequency (RF), etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (11)

1. A multi-client cooperative authentication method for feature recognition is applied to a server, and comprises the following steps:
when communication connection with a current end is triggered, determining current first-class identity information of a current end user;
determining, according to the current first-type identity information, current account hash digest information corresponding to the account input by the current end user and current password hash digest information corresponding to the input password, wherein the determining comprises: determining, from locally pre-stored hash model login registration information, an account hash model and a password hash model associated with the current first-type identity information of the current end user, and issuing them to the current end; and acquiring the current account hash digest information and the current password hash digest information obtained by hashing the account and the password input by the current end user with the account hash model and the password hash model, respectively;
querying, from locally pre-stored hash digest login registration information, the pre-stored password hash digest information and pre-stored second-type identity information associated with the current account hash digest information;
comparing the current password hash digest information with the queried pre-stored password hash digest information;
when the password hash digest comparison is passed, determining the current second-type identity information of the current end user through the cooperative end, and comparing and authenticating the current second-type identity information against the queried pre-stored second-type identity information;
wherein, when the first-type identity information is total hash digest information, the second-type identity information is scrambled facial feature information; or when the first-type identity information is scrambled facial feature information, the second-type identity information is total hash digest information; the hash digest login registration information comprises the second-type identity information registered for login and the account hash digest information and password hash digest information associated with that second-type identity information; and the total hash digest information is obtained by hashing the account hash digest information, the password hash digest information and the server fingerprint information.
2. The method of claim 1, wherein when the first type identity information is total hash digest information, determining the current first type identity information of the current end user comprises:
when the current end provides a card reader service, reading the total hash digest information from the identity storage of the current end user through the current end, and taking the total hash digest information as the current first-type identity information; or
when the current end does not provide the card reader service, reading the total hash digest information from the identity storage of the current end user through a cooperative end providing the card reader service, and taking the total hash digest information as the current first-type identity information.
3. The method of claim 2, wherein reading the total hash digest information from the identity storage of the current end user through a cooperating end providing a card reader service comprises:
sending an invitation message by a multicast group address appointed in a management domain, and selecting a cooperative end for providing card reader service from cooperative ends;
and sending a card reading request to the cooperative end providing the card reader service, so that the cooperative end prompts the current end user to insert the identity storage at the cooperative end and reads the total hash digest information from the identity storage.
4. The method according to claim 2, wherein determining the current second type identity information of the current end user through the cooperative end comprises:
determining a face scrambling model corresponding to the current account hash digest information of the current end user, and issuing the face scrambling model to a cooperative end providing a face shooting service;
and receiving the current scrambled face image generated by the cooperative end providing the face shooting service by scrambling the acquired face image of the current end user with the face scrambling model, and taking a feature vector extracted from the current scrambled face image as the current second-type identity information.
5. The method of claim 1, wherein determining the current first type identity information of the current end user when the first type identity information is scrambled facial feature information comprises:
when the current end provides the face shooting service, a face scrambling model is issued to the current end so that the current end collects a face image of a user at the current end and scrambles the face image;
receiving a current scrambled face image generated by scrambling a face image of a current end user by a current end;
and extracting a feature vector of the current scrambled face image to obtain current scrambled face feature information, and using the current scrambled face feature information as current first-class identity information.
6. The method of claim 1, wherein determining the current first type identity information of the current end user when the first type identity information is scrambled facial feature information comprises:
when the current end does not provide the face shooting service, a face scrambling model is issued to a cooperative end providing the face shooting service, and the cooperative end is controlled to assist in acquiring and scrambling a face image of a user at the current end;
receiving a current scrambled face image generated by the cooperative end providing the face shooting service by scrambling a face image of the current end user;
and extracting a feature vector of the current scrambled face image to obtain current scrambled face feature information, and using the current scrambled face feature information as current first-class identity information.
7. The method of claim 6, wherein issuing a face scrambling model to a collaboration end providing a face shooting service, and controlling the collaboration end to assist in acquiring and scrambling a face image of a current end user comprises:
sending an invitation message by a multicast group address appointed in a management domain, selecting a cooperative end for providing face shooting service from cooperative ends, and issuing a face scrambling model to the selected cooperative end;
and sending a shooting request to a collaboration end providing the face shooting service so that the collaboration end prompts a current end user to shoot a face image and scrambles the shot face image.
8. The method according to claim 5 or 6, wherein determining the current second type identity information of the current end user through the cooperative end comprises:
sending an invitation message by a multicast group address appointed in a management domain, and selecting a cooperative end for providing card reader service from cooperative ends;
and sending a card reading request to the cooperative end providing the card reader service, so that the cooperative end prompts the current end user to insert the identity storage at the cooperative end and reads the total hash digest information from the identity storage as the current second-type identity information.
9. A multi-client cooperative authentication apparatus for feature recognition, configured in a server, the apparatus comprising:
the first-class identity information determining module is used for determining the current first-class identity information of the current-end user when the communication connection with the current end is triggered;
the password hash digest determining module is used for determining, according to the current first-type identity information, current account hash digest information corresponding to the account input by the current end user and current password hash digest information corresponding to the input password; wherein the password hash digest determining module is used for: determining, from locally pre-stored hash model login registration information, an account hash model and a password hash model associated with the current first-type identity information of the current end user, and issuing them to the current end; and acquiring the current account hash digest information and the current password hash digest information obtained by hashing the account and the password input by the current end user with the account hash model and the password hash model, respectively;
the second-type identity information determining module is used for querying, from locally pre-stored hash digest login registration information, the pre-stored password hash digest information and the pre-stored second-type identity information associated with the current account hash digest information;
the password hash digest comparison module is used for comparing the current password hash digest information with the queried pre-stored password hash digest information;
the cooperative authentication module is used for determining the current second-type identity information of the current end user through the cooperative end when the password hash digest comparison is passed, and comparing and authenticating the current second-type identity information against the queried pre-stored second-type identity information;
wherein, when the first-type identity information is total hash digest information, the second-type identity information is scrambled facial feature information; or when the first-type identity information is scrambled facial feature information, the second-type identity information is total hash digest information; the hash digest login registration information comprises the second-type identity information registered for login and the account hash digest information and password hash digest information associated with that second-type identity information; and the total hash digest information is obtained by hashing the account hash digest information, the password hash digest information and the server fingerprint information.
10. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs;
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the multi-client cooperative authentication method for feature recognition of any one of claims 1-8.
11. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, implements the multi-client cooperative authentication method for feature recognition according to any one of claims 1 to 8.
CN202110765016.1A 2021-07-07 2021-07-07 Multi-client cooperative authentication method, device, equipment and medium for feature recognition Active CN113259136B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110765016.1A CN113259136B (en) 2021-07-07 2021-07-07 Multi-client cooperative authentication method, device, equipment and medium for feature recognition

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110765016.1A CN113259136B (en) 2021-07-07 2021-07-07 Multi-client cooperative authentication method, device, equipment and medium for feature recognition

Publications (2)

Publication Number Publication Date
CN113259136A CN113259136A (en) 2021-08-13
CN113259136B true CN113259136B (en) 2021-11-16

Family

ID=77190852

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110765016.1A Active CN113259136B (en) 2021-07-07 2021-07-07 Multi-client cooperative authentication method, device, equipment and medium for feature recognition

Country Status (1)

Country Link
CN (1) CN113259136B (en)

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109672645A (en) * 2017-10-13 2019-04-23 中国移动通信有限公司研究院 A kind of identity identifying method, user terminal and authentication management server
CN107733656A (en) * 2017-10-23 2018-02-23 北京深思数盾科技股份有限公司 A kind of cipher authentication method and device
CN109861969A (en) * 2018-12-14 2019-06-07 深圳壹账通智能科技有限公司 Password remapping method and server based on recognition of face
CN109815665A (en) * 2018-12-25 2019-05-28 深圳供电局有限公司 Identity identifying method and system, electronic equipment, computer readable storage medium
CN110223078A (en) * 2019-06-17 2019-09-10 国网电子商务有限公司 Identity authentication method, device, electronic equipment and storage medium
CN110688644A (en) * 2019-10-09 2020-01-14 重庆市筑智建信息技术有限公司 Method and system for realizing login of BIM system through graphic code

Also Published As

Publication number Publication date
CN113259136A (en) 2021-08-13

Similar Documents

Publication Publication Date Title
US11394708B2 (en) Account information obtaining method, terminal, server and system
US6446210B1 (en) Method for securing communication by selecting an encoding process using a first computer based upon ability of a second computer and deleting the process thereafter
CN103856472B (en) A kind of method and device of Account Logon
CN106101136A (en) The authentication method of a kind of biological characteristic contrast and system
KR102214247B1 (en) Method and apparatus for service implementation
CN108876365A (en) A kind of intelligent contract generating block issue mechanism
CN109359601A (en) Authentication recognition methods, electronic device and computer readable storage medium
US10187383B2 (en) Method of pushing passwords, and pushing system
US11477190B2 (en) Dynamic user ID
CN108877098B (en) Cardless withdrawal method, device, system, storage medium and electronic equipment
CN108280369B (en) Cloud document offline access system, intelligent terminal and method
CN106303599A (en) A kind of information processing method, system and server
CN104767617A (en) Message processing method, system and related device
US10861017B2 (en) Biometric index linking and processing
CN113259134B (en) Server protection method, device, equipment and medium based on face recognition
CN114241560A (en) Face recognition privacy protection system and method
KR102308859B1 (en) Surrogate authentication service system and method based on biometric information
CN113259136B (en) Multi-client cooperative authentication method, device, equipment and medium for feature recognition
Kwon et al. CCTV-based multi-factor authentication system
CN106469269B (en) A kind of method, apparatus and terminal of Password Management
CN114996727A (en) Biological feature privacy encryption method and system based on palm print and palm vein recognition
CN115051812A (en) User identity dual-recognition method based on two-dimensional code and biological characteristics
CN114547589A (en) Privacy-protecting user registration and user authentication method and device
CN113254904B (en) Intelligent processing method, device, equipment and medium for multi-dimensional information acquisition and identification
CN111475793A (en) Access control method, user registration method, user login method, device and equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant